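<?php
// Registration form handler: reads the submitted student fields, stores the
// optional photo under upload/, inserts one row into `student`, and then
// redirects the browser with a success/failure alert.

if (!isset($_POST['btnSubmit'])) {
    // Not reached via the form's submit button: send the visitor back to the form.
    header("location:Register.php");
    exit; // stop here so nothing below can run after the redirect header
}

// Read every scalar field defensively: a missing key or an array-valued
// parameter (e.g. stuNo[]=x) becomes an empty string instead of raising a
// notice or being bound as the literal text "Array".
$fields = [];
foreach (['stuNo', 'stuName', 'pwd', 'className', 'sex', 'mobile', 'email'] as $key) {
    $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}
$StudentID   = $fields['stuNo'];
$StudentName = $fields['stuName'];
// NOTE(review): the password is stored exactly as submitted. It should be
// stored as password_hash($Password, PASSWORD_DEFAULT) and checked with
// password_verify() at login; that needs a matching change in the login code
// (not visible in this file) and a wide enough column, so it is only flagged here.
$Password    = $fields['pwd'];
$ClassNo     = $fields['className'];
$Sex         = $fields['sex'];
$Mobile      = $fields['mobile'];
$Email       = $fields['email'];

// Hobbies arrive as a checkbox array; join them with a full-width comma.
$Hobby = "";
if (isset($_POST['hobby']) && is_array($_POST['hobby'])) {
    $Hobby = implode('，', array_filter($_POST['hobby'], 'is_string'));
}

// File upload.
// The client-supplied file name is never used on disk: it is attacker-controlled
// and could carry a script extension (.php) or path components (../). The stored
// name is random and its extension comes from the detected image type.
$fname = ''; // stays empty when no valid photo was uploaded
if (isset($_FILES['photo']['error'], $_FILES['photo']['tmp_name'])
    && $_FILES['photo']['error'] === UPLOAD_ERR_OK
    && is_string($_FILES['photo']['tmp_name'])
) {
    $tmpPath = $_FILES['photo']['tmp_name'];
    $allowedTypes = [
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_GIF  => 'gif',
    ];
    $imageInfo = getimagesize($tmpPath); // false when the content is not a recognised image
    if ($imageInfo !== false && isset($allowedTypes[$imageInfo[2]])) {
        $candidate = bin2hex(random_bytes(16)) . '.' . $allowedTypes[$imageInfo[2]];
        // move_uploaded_file() also verifies that $tmpPath is a genuine HTTP upload.
        if (move_uploaded_file($tmpPath, 'upload/' . $candidate)) {
            $fname = $candidate;
        }
    }
}
// NOTE(review): getimagesize() inspects headers only; the web server should also
// be configured so that nothing under upload/ is executed as a script.

// Insert the record into the database.
require 'Conn.php'; // expected to define $db — presumably a mysqli connection; confirm in Conn.php
$sql = "INSERT INTO student VALUES(?,?,?,?,?,?,?,?,?)"; // values are bound, never interpolated
$stmt = $db->prepare($sql);
$result = false;
if ($stmt !== false) {
    $stmt->bind_param('sssssssss', $StudentID, $StudentName, $Password, $ClassNo, $Sex, $Hobby, $Mobile, $Email, $fname);
    $result = $stmt->execute();
    $stmt->close();
}

if (!$result && $fname !== '') {
    // The row was not created, so do not leave an orphaned upload behind.
    unlink('upload/' . $fname);
}

if ($result) {
    echo "<script>alert('注册成功！');location='Students.php';</script>";
} else {
    echo "<script>alert('注册失败！');location='Register.php';</script>";
}
$db->close();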